
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
win7 freezes at startup / PUP.Dealply.malware
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
win7 freezes at startup / PUP.Dealply.malware
Here is the output from RSIT.
When I turn on the PC, the screen goes dark at the Windows loading screen and only the mouse moves. Only safe mode works, and neither Malwarebytes' Anti-Malware nor CCleaner helps.
Please help.
- Attachments
- rsit.7z
- log from RSIT
- (28.49 KiB) Downloaded 55 times
Re: win7 freezes at startup / PUP.Dealply.malware
I think it will be something like this: http://forum.viry.cz/viewtopic.php?f=13&t=133319
Re: win7 freezes at startup / PUP.Dealply.malware
Here is the log from AdwCleaner:
# AdwCleaner v3.016 - Report created 23/12/2013 at 08:22:32
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : EkZiT - EKZIT-PC
# Running from : C:\Users\EkZiT\Downloads\Desktop\adwcleaner (1).exe
# Option : Scan
***** [ Services ] *****
Service Found : dealplylive
Service Found : dealplylivem
***** [ Files / Folders ] *****
File Found : C:\Windows\System32\Tasks\Dealply
File Found : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
File Found : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
File Found : C:\Windows\System32\Tasks\MetaCrawler
File Found : C:\Windows\Tasks\Dealply.job
File Found : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
File Found : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
File Found : C:\Windows\Tasks\MetaCrawler.job
Folder Found : C:\Users\EkZiT\AppData\Roaming\Mozilla\Firefox\Profiles\8124rlsi.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA6}
Folder Found : C:\Users\EkZiT\AppData\Roaming\Mozilla\Firefox\Profiles\8124rlsi.default\Extensions\5101eaf4bbe47@5101eaf4bbe80.com
Folder Found : C:\Users\EkZiT\AppData\Roaming\Mozilla\Firefox\Profiles\8124rlsi.default\Extensions\staged
Folder Found : C:\Users\EkZiT\AppData\Roaming\Mozilla\Firefox\Profiles\8124rlsi.default\Extensions\WebSiteRecommendation@weliketheweb.com
Folder Found C:\Program Files (x86)\DealPly
Folder Found C:\Program Files (x86)\DealPlyLive
Folder Found C:\Program Files (x86)\MetaCrawler
Folder Found C:\ProgramData\AlawarWrapper
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\DealPlyLive
Folder Found C:\Users\EkZiT\AppData\Local\AlawarWrapper
Folder Found C:\Users\EkZiT\AppData\Local\DealPlyLive
Folder Found C:\Users\EkZiT\AppData\Local\thinstall
Folder Found C:\Users\EkZiT\AppData\Roaming\BitLord
Folder Found C:\Users\EkZiT\AppData\Roaming\DealPly
Folder Found C:\Users\EkZiT\AppData\Roaming\MetaCrawler
Folder Found C:\Users\EkZiT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Found C:\Users\EkZiT\AppData\Roaming\OpenCandy
Folder Found C:\Users\EkZiT\AppData\Roaming\SimilarSites
Folder Found C:\Users\EkZiT\AppData\Roaming\thinstall
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\DealPly
Key Found : HKCU\Software\DealPlyLive
Key Found : HKCU\Software\dt soft\daemon tools toolbar
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\MGShareware
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\DealPly
Key Found : [x64] HKCU\Software\DealPlyLive
Key Found : [x64] HKCU\Software\dt soft\daemon tools toolbar
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\MGShareware
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Key Found : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
Key Found : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
Key Found : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
Key Found : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
Key Found : HKLM\Software\DealPly
Key Found : HKLM\Software\DealPlyLive
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\Software\MGShareware
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_facebook-chat-im_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_facebook-chat-im_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Key Found : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Key Found : HKLM\Software\Trymedia Systems
***** [ Browsers ] *****
-\\ Internet Explorer v0.0.0.0
-\\ Mozilla Firefox v25.0.1 (cs)
[ File : C:\Users\EkZiT\AppData\Roaming\Mozilla\Firefox\Profiles\8124rlsi.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\EkZiT\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [9550 octets] - [23/12/2013 08:10:50]
AdwCleaner[R1].txt - [9442 octets] - [23/12/2013 08:22:32]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [9502 octets] ##########
Re: win7 freezes at startup / PUP.Dealply.malware
And here is the AdwCleaner log after the restart:
# AdwCleaner v3.016 - Report created 23/12/2013 at 08:25:13
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : EkZiT - EKZIT-PC
# Running from : C:\Users\EkZiT\Downloads\Desktop\adwcleaner (1).exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : dealplylive
[#] Service Deleted : dealplylivem
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\DealPlyLive
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Program Files (x86)\DealPlyLive
Folder Deleted : C:\Program Files (x86)\MetaCrawler
Folder Deleted : C:\Users\EkZiT\AppData\Local\DealPlyLive
Folder Deleted : C:\Users\EkZiT\AppData\Local\thinstall
Folder Deleted : C:\Users\EkZiT\AppData\Local\AlawarWrapper
Folder Deleted : C:\Users\EkZiT\AppData\Roaming\BitLord
Folder Deleted : C:\Users\EkZiT\AppData\Roaming\DealPly
Folder Deleted : C:\Users\EkZiT\AppData\Roaming\MetaCrawler
Folder Deleted : C:\Users\EkZiT\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\EkZiT\AppData\Roaming\SimilarSites
Folder Deleted : C:\Users\EkZiT\AppData\Roaming\thinstall
Folder Deleted : C:\Users\EkZiT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\Users\EkZiT\AppData\Roaming\Mozilla\Firefox\Profiles\8124rlsi.default\Extensions\5101eaf4bbe47@5101eaf4bbe80.com
Folder Deleted : C:\Users\EkZiT\AppData\Roaming\Mozilla\Firefox\Profiles\8124rlsi.default\Extensions\staged
Folder Deleted : C:\Users\EkZiT\AppData\Roaming\Mozilla\Firefox\Profiles\8124rlsi.default\Extensions\WebSiteRecommendation@weliketheweb.com
Folder Deleted : C:\Users\EkZiT\AppData\Roaming\Mozilla\Firefox\Profiles\8124rlsi.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA6}
File Deleted : C:\Windows\Tasks\Dealply.job
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
File Deleted : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
File Deleted : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
File Deleted : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
File Deleted : C:\Windows\Tasks\MetaCrawler.job
File Deleted : C:\Windows\System32\Tasks\MetaCrawler
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_facebook-chat-im_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_facebook-chat-im_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\DealPlyLive
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\MGShareware
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\Software\DealPlyLive
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\MGShareware
Key Deleted : HKLM\Software\Trymedia Systems
***** [ Browsers ] *****
-\\ Internet Explorer v0.0.0.0
-\\ Mozilla Firefox v25.0.1 (cs)
[ File : C:\Users\EkZiT\AppData\Roaming\Mozilla\Firefox\Profiles\8124rlsi.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\EkZiT\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [9550 octets] - [23/12/2013 08:10:50]
AdwCleaner[R1].txt - [9610 octets] - [23/12/2013 08:22:32]
AdwCleaner[S0].txt - [9476 octets] - [23/12/2013 08:25:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9536 octets] ##########
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_facebook-chat-im_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_facebook-chat-im_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\DealPlyLive
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\MGShareware
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\Software\DealPlyLive
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\MGShareware
Key Deleted : HKLM\Software\Trymedia Systems
***** [ Browsers ] *****
-\\ Internet Explorer v0.0.0.0
-\\ Mozilla Firefox v25.0.1 (cs)
[ File : C:\Users\EkZiT\AppData\Roaming\Mozilla\Firefox\Profiles\8124rlsi.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\EkZiT\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [9550 octets] - [23/12/2013 08:10:50]
AdwCleaner[R1].txt - [9610 octets] - [23/12/2013 08:22:32]
AdwCleaner[S0].txt - [9476 octets] - [23/12/2013 08:25:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9536 octets] ##########
Re: win7 freezes at startup / PUP.Dealply.malware
And here is the output from RogueKiller:
RogueKiller V8.7.13 [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : EkZiT [Práva správce]
Mód : Kontrola -- Datum : 12/23/2013 08:49:14
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] DAODx.exe -- C:\Windows\DAODx.exe [-] -> SMAZÁNO [TermProc]
¤¤¤ ¤¤¤ Záznamy Registrů: : 10 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ naplánované úlohy : 11 ¤¤¤
[V2][SUSP PATH] {3D0509F8-0702-481F-80D1-3EDEF8918E6E} : C:\Users\EkZiT\Desktop\arcomage\Arcomage.exe [x] -> NALEZENO
[V2][SUSP PATH] {410F04E9-09EC-419C-AB0C-20110C9FE547} : C:\Users\EkZiT\Desktop\BF2 SP Bot Change v2.1.exe [x] -> NALEZENO
[V2][SUSP PATH] {5778A40B-9FF4-4B24-AA66-CFBBDF410147} : C:\Users\EkZiT\Desktop\Crysis2.exe [x] -> NALEZENO
[V2][SUSP UNIC] {76E8BDE3-120A-407E-BC09-E56E7DE1BB63} : D:\Program Files (x86)\Electronic Arts\The Lord of the Rings - Conquest?��\Conquest.exe [x] -> NALEZENO
[V2][SUSP PATH] {948D5337-414F-4197-B002-3966716D3AF5} : C:\Users\EkZiT\Desktop\arcomage\Arcomage.exe [x] -> NALEZENO
[V2][SUSP PATH] {A920377E-426C-4562-A12C-3287994BF066} : C:\Users\EkZiT\Desktop\night_mission_pinball_1982.exe [x] -> NALEZENO
[V2][SUSP PATH] {ABDC5909-2C58-4790-8556-7DF5F5A5AB8B} : C:\Users\EkZiT\Desktop\wizardry7\DUNGEON.EXE [x] -> NALEZENO
[V2][SUSP PATH] {AF3EF8F6-7994-4635-8A1B-7C73F1EA0D8C} : C:\Users\EkZiT\Downloads\Desktop\Virtual Cop 2\Virtual Cop 2.EXE [x] -> NALEZENO
[V2][SUSP PATH] {C7379468-F590-498C-BB22-5F78075D18C9} : C:\Users\EkZiT\Desktop\UnrealTournament\System\UnrealEd.exe [x] -> NALEZENO
[V2][SUSP PATH] {EC64B7D2-9AB3-491E-B1DB-1BC0B88D97D9} : C:\Users\EkZiT\Desktop\BF2 SP Bot Change v2.1.exe [x] -> NALEZENO
[V2][SUSP PATH] RunDAOD : C:\Windows\DAODx.exe [-] -> NALEZENO
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[ZeroAccess][desky] Install : C:\Users\EkZiT\AppData\Local\Google\Desktop\Install [-] --> NALEZENO
[ZeroAccess][desky] Install : C:\Program Files (x86)\Google\Desktop\Install [-] --> NALEZENO
¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ZeroAccess ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500JD-00HBC0 ATA Device +++++
--- User ---
[MBR] 50ce9f2ebd246bcddc86a7525051309d
[BSP] 5a08f160f6f864fa3987b708506a2092 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3320620AS ATA Device +++++
--- User ---
[MBR] 6280f07def463ccf6037eea261c20e1c
[BSP] 968545a53e2134a42546c540bff1775b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 312560640 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) ST3160827AS ATA Device +++++
--- User ---
[MBR] 4ab310880d0c4596bde5d24e49563fe5
[BSP] ca52d943811c1a60b3010465b99e9edf : Linux MBR Code
Partition table:
0 - [ACTIVE] LINUX (0x83) [VISIBLE] Offset (sectors): 2048 | Size: 146484 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 300003326 | Size: 6141 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_S_12232013_084914.txt >>
Re: win7 freezes at startup / PUP.Dealply.malware
Hello
Since you keep replying to yourself here, your thread may get overlooked by us.
Please read the forum rules; among other things, you will read there:
You have a nasty piece of malware in there.
Download RKill http://download.bleepingcomputer.com/grinler/rkill.com
Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe



2. Before posting a question, use the Search button. Someone may already have dealt with a problem similar to yours. However, if various utilities/applications were used in a solved thread, do not run them! Utilities are to be used only on a helper's instruction, because they can erase traces of the malware, and in the hands of a non-expert their use can have unforeseeable consequences.



- If the malware blocks it, use one of the following, including the renamed ones
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe
Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe
Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
- Save it, preferably to the desktop, and close all applications (otherwise RKill will do it for you)
- Run it the usual way with a double-click; the program finishes within a few seconds and then terminates itself
- RKill terminates all non-system processes, including the processes the malware runs under
- A log named Rkill.txt will be created on the desktop; paste it here for me
- Do not restart the PC now, or you would lose the effect of RKill

- Disable all resident security programs: firewalls, antivirus, antispyware, etc.
- If you have Win XP, run it under the Administrator account
- If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
- Immediately after it starts, a page with the licence agreement is displayed; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the instructions; during the scan leave the PC completely alone: do not launch any applications and do not click in the window that is displayed
- The scan should take about 10 minutes, but if the PC is heavily infested, it may take longer
- After the scan and any restart have finished, CF displays a log; alternatively you will find it at C:\ComboFix.txt. Paste its contents here
- The detailed procedure, including screenshots, is here http://www.bleepingcomputer.com/combofi ... t-combofix
Re: win7 freezes at startup / PUP.Dealply.malware
Sorry about that, here is the RKill log:
Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 12/24/2013 01:13:25 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Possibly Patched Files.
* C:\Windows\Explorer.EXE
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to !
* HKCU\SOFTWARE\Classes\.exe has been deleted!
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* WMPNetworkSvc [Missing Service]
Searching for Missing Digital Signatures:
* C:\Windows\System32\UxTheme.dll : 332 288 : 04/21/2013 04:33 PM : 8bf20c54ffb37cfb960f708ffa813fa7 [NoSig]
+-> C:\Windows\SysWOW64\uxtheme.dll : 245 760 : 07/14/2009 02:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332 288 : 07/14/2009 02:41 AM : d29e998e8277666982b4f0303bf4e7af [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245 760 : 07/14/2009 02:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
* C:\Windows\explorer.exe : 2 910 208 : 02/25/2011 07:19 AM : 7dad18e6a2d7bec9c129ed9718166d48 [NoSig]
+-> C:\Windows\erdnt\cache86\explorer.exe : 2 871 808 : 02/25/2011 07:19 AM : 332feab1435662fc6c672e25beb37be3 [Pos Repl]
+-> C:\Windows\SysWOW64\explorer.exe : 2 616 320 : 02/25/2011 06:30 AM : 8b88ebbb05a0e56b7dcc708498c02b3e [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe : 2 868 224 : 07/14/2009 02:39 AM : c235a51cb740e45ffa0ebfb9bafcda64 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe : 2 868 224 : 08/03/2009 07:17 AM : f170b4a061c9e026437b193b4d571799 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe : 2 870 272 : 10/31/2009 07:34 AM : 9aaaec8dac27aa17b053e6352ad233ae [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe : 2 870 272 : 02/26/2011 07:23 AM : 0862495e0c825893db75ef44faea8e93 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe : 2 868 224 : 08/03/2009 07:19 AM : 700073016dac1c3d2e7e2ce4223334b6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe : 2 870 272 : 10/31/2009 07:38 AM : b8ec4bd49ce8f6fc457721bfc210b67f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe : 2 870 784 : 02/26/2011 07:26 AM : e38899074d4951d31b4040e994dd7c8d [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe : 2 872 320 : 11/20/2010 02:24 PM : ac4c51eb24aa95b77f705ab159189e24 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe : 2 871 808 : 02/25/2011 07:19 AM : 332feab1435662fc6c672e25beb37be3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe : 2 871 808 : 02/26/2011 07:14 AM : 3b69712041f3d63605529bd66dc00c48 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe : 2 613 248 : 07/14/2009 02:14 AM : 15bc38a7492befe831966adb477cf76f [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe : 2 613 248 : 08/03/2009 06:35 AM : b95eeb0f4e5efbf1038a35b3351cf047 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe : 2 614 272 : 10/31/2009 06:45 AM : 2626fc9755be22f805d3cfa0ce3ee727 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe : 2 614 784 : 02/26/2011 06:33 AM : 2af58d15edc06ec6fdacce1f19482bbf [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe : 2 613 248 : 08/03/2009 06:49 AM : 9ff6c4c91a3711c0a3b18f87b08b518d [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe : 2 614 272 : 10/31/2009 07:00 AM : c76153c7eca00fa852bb0c193378f917 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe : 2 614 784 : 02/26/2011 06:51 AM : 255cf508d7cfb10e0794d6ac93280bd8 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe : 2 616 320 : 11/20/2010 01:17 PM : 40d777b7a95e00593eb1568c68514493 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe : 2 616 320 : 02/25/2011 06:30 AM : 8b88ebbb05a0e56b7dcc708498c02b3e [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe : 2 616 320 : 02/26/2011 06:19 AM : 0fb9c74046656d1579a64660ad67b746 [Pos Repl]
Checking HOSTS File:
* No issues found.
Program finished at: 12/24/2013 01:16:42 PM
Execution time: 0 hours(s), 3 minute(s), and 17 seconds(s)
Re: win7 freezes at startup / PUP.Dealply.malware
Continue with ComboFix
Re: win7 freezes at startup / PUP.Dealply.malware
ComboFix 13-12-24.01 - EkZiT 24.12.2013 13:29:12.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.6142.3420 [GMT 1:00]
Spuštěný z: c:\users\EkZiT\Downloads\Desktop\ComboFix.exe
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\users\EkZiT\AppData\Local\MSGBOX.EXE
c:\users\EkZiT\AppData\Roaming\.#
c:\users\EkZiT\xobglu32.dll
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\themeui.dll.tmp
c:\windows\SysWow64\uxtheme.dll.tmp
D:\install.exe
L:\EXPLORER.EXE
L:\reg.reg
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NEWDRIVER
-------\Service_NEWDRIVER
-------\Service_Run
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-24 do 2013-12-24 )))))))))))))))))))))))))))))))
.
.
2013-12-24 12:39 . 2013-12-24 12:43 -------- d-----w- c:\users\EkZiT\AppData\Local\temp
2013-12-24 12:39 . 2013-12-24 12:39 -------- d-----w- c:\users\repair\AppData\Local\temp
2013-12-24 12:39 . 2013-12-24 12:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-24 12:39 . 2013-12-24 12:39 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-12-24 12:39 . 2013-12-24 12:39 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-12-24 12:39 . 2013-12-24 12:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-24 12:39 . 2013-12-24 12:39 -------- d-----w- c:\users\AppData\AppData\Local\temp
2013-12-24 08:11 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28162E42-60A2-4FBD-BDA2-B5D90CB69EBE}\mpengine.dll
2013-12-23 22:12 . 2013-12-23 22:12 119808 ----a-r- c:\users\EkZiT\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-12-23 22:04 . 2013-12-23 22:04 -------- d-----w- c:\program files (x86)\WinToFlash Suggestor
2013-12-23 07:48 . 2013-12-23 07:48 9728 ----a-w- c:\windows\system32\drivers\umpass.sys.bak
2013-12-23 07:44 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-23 07:44 . 2013-12-23 07:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-23 07:32 . 2013-12-23 07:32 -------- d-----w- C:\found.000
2013-12-23 07:10 . 2013-12-23 07:25 -------- d-----w- C:\AdwCleaner
2013-12-23 07:01 . 2013-12-23 07:15 -------- d-----w- C:\rsit
2013-12-23 07:01 . 2013-12-23 07:01 -------- d-----w- c:\program files\trend micro
2013-12-23 06:53 . 2013-12-23 06:53 -------- d-----w- C:\FRST
2013-12-23 05:34 . 2013-12-23 05:34 -------- d-----w- c:\users\EkZiT\AppData\Roaming\Malwarebytes
2013-12-23 04:14 . 2013-12-23 04:14 -------- d-----w- c:\programdata\HP
2013-12-23 04:08 . 2013-12-23 04:08 15856 ----a-w- c:\users\cc_20131223_050851.reg
2013-12-20 21:39 . 2013-12-05 08:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-12-20 21:39 . 2013-12-05 08:42 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-12-14 23:51 . 2013-12-14 23:51 -------- d-----w- c:\users\EkZiT\AppData\Roaming\Proxy Studios
2013-12-14 22:35 . 2013-12-14 22:35 -------- d-----w- c:\users\EkZiT\AppData\Roaming\Gomo
2013-12-14 21:54 . 2013-12-14 21:54 -------- d-----w- C:\Games
2013-12-12 13:39 . 2013-03-07 08:49 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll
2013-12-12 13:39 . 2013-04-11 13:10 2498216 ----a-w- c:\windows\SysWow64\BootMan.exe
2013-12-12 13:39 . 2013-03-28 18:02 3376640 ----a-w- c:\windows\system32\BootMan.exe
2013-12-12 13:39 . 2013-03-07 08:49 9160 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys
2013-12-12 13:39 . 2013-03-07 08:49 87112 ----a-w- c:\windows\SysWow64\setupempdrv03.exe
2013-12-12 13:39 . 2013-03-07 08:49 13896 ----a-w- c:\windows\SysWow64\epmntdrv.sys
2013-12-12 13:39 . 2013-03-07 08:49 9800 ----a-w- c:\windows\system32\EuGdiDrv.sys
2013-12-12 13:39 . 2013-03-07 08:49 17480 ----a-w- c:\windows\system32\epmntdrv.sys
2013-12-12 13:39 . 2013-03-07 08:49 100936 ----a-w- c:\windows\system32\setupempdrvx64.exe
2013-12-12 13:39 . 2013-03-07 08:49 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll
2013-12-12 13:39 . 2013-12-12 13:39 -------- d-----w- c:\program files (x86)\EaseUS
2013-12-02 17:08 . 2013-12-08 13:55 -------- d-----w- C:\____new
2013-11-29 18:46 . 2013-11-29 18:46 -------- d-----w- C:\debug
2013-11-29 18:45 . 2013-12-23 06:24 -------- d-----w- c:\program files (x86)\Windows Doctor
2013-11-29 13:56 . 2013-11-29 13:56 63488 ----a-w- c:\users\EkZiT\xobglu16.dll
2013-11-29 00:21 . 2013-11-29 00:21 128796 ----a-w- c:\users\cc_20131129_012109.reg
2013-11-27 01:38 . 2013-11-27 01:40 3140 --sha-w- c:\windows\SysWow64\KGyGaAvL.sys
2013-11-27 01:38 . 2013-11-27 01:38 8 --sh--r- c:\windows\SysWow64\2912DA9DF7.sys
2013-11-27 01:38 . 2013-11-27 01:38 -------- d-----w- c:\users\EkZiT\AppData\Roaming\Corel
2013-11-27 01:36 . 2013-11-27 01:36 65536 ----a-r- c:\users\EkZiT\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2013-11-27 01:35 . 2013-11-27 01:35 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2013-11-27 01:34 . 2013-11-27 01:34 -------- d-----w- c:\programdata\Corel
2013-11-27 01:34 . 2013-11-27 01:34 -------- d-----w- c:\program files (x86)\Corel
2013-11-27 01:34 . 2013-11-27 01:34 -------- d-----w- c:\program files (x86)\Common Files\Corel
2013-11-27 01:18 . 2013-11-27 01:18 -------- d-----w- c:\users\EkZiT\AppData\Roaming\Autodesk
2013-11-27 01:18 . 2013-11-27 01:18 -------- d-----w- c:\programdata\Alias
2013-11-26 23:32 . 2013-11-26 23:45 -------- d-----w- c:\program files (x86)\Need For Speed Rivals
2013-11-26 20:01 . 2013-11-26 20:01 -------- d-----w- c:\users\EkZiT\AppData\Roaming\dekovir
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-24 01:24 . 2011-12-11 07:43 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-12-24 01:24 . 2011-10-07 21:11 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-12-24 01:23 . 2011-12-11 07:43 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-20 21:29 . 2011-12-11 07:43 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-12-16 02:00 . 2010-06-03 14:00 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-10 23:18 . 2012-11-18 20:31 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 23:18 . 2011-08-06 05:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 02:13 . 2013-11-20 16:46 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-12-10 02:13 . 2013-11-20 16:46 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-05 08:42 . 2013-10-02 00:03 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-11-20 11:36 . 2013-11-20 11:36 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2013-11-20 11:36 . 2013-11-20 11:36 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-11-20 11:36 . 2013-11-20 11:36 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2013-11-19 02:33 . 2010-05-24 17:48 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 11:56 . 2013-10-02 01:49 18293608 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-11-14 11:56 . 2013-11-20 16:51 15862272 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-11-14 11:56 . 2013-11-20 16:51 1242400 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-11-14 11:56 . 2012-03-14 19:27 1436528 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-11-14 11:56 . 2013-11-20 16:51 9619872 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-11-14 11:56 . 2013-11-20 16:51 11514624 ----a-w- c:\windows\system32\nvopencl.dll
2013-11-14 11:56 . 2013-10-02 01:49 30361888 ----a-w- c:\windows\system32\nvoglv64.dll
2013-11-14 11:56 . 2013-11-20 16:51 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-11-14 11:56 . 2013-11-20 16:51 22951200 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-11-14 11:56 . 2013-11-20 16:51 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-11-14 11:56 . 2013-11-20 16:51 12613408 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-11-14 11:56 . 2013-11-20 16:51 707360 ----a-w- c:\windows\system32\NvFBC64.dll
2013-11-14 11:56 . 2013-11-20 16:51 657184 ----a-w- c:\windows\system32\NvIFR64.dll
2013-11-14 11:56 . 2013-11-20 16:51 609568 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-11-14 11:56 . 2013-11-20 16:51 562464 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-11-14 11:56 . 2013-11-20 16:51 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-11-14 11:56 . 2013-11-20 16:51 1511712 ----a-w- c:\windows\system32\nvdispgenco6433182.dll
2013-11-14 11:56 . 2013-11-20 16:51 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-11-14 11:56 . 2013-11-20 16:51 1884448 ----a-w- c:\windows\system32\nvdispco6433182.dll
2013-11-14 11:56 . 2013-11-20 16:51 18208624 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-11-14 11:56 . 2013-10-02 01:49 15218504 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-11-14 11:56 . 2013-11-20 16:51 3132704 ----a-w- c:\windows\system32\nvcuvid.dll
2013-11-14 11:56 . 2013-11-20 16:51 2947872 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-11-14 11:56 . 2013-11-20 16:51 9691888 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-11-14 11:56 . 2013-11-20 16:51 3125024 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-11-14 11:56 . 2013-11-20 16:51 2747680 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-11-14 11:56 . 2013-11-20 16:51 11600432 ----a-w- c:\windows\system32\nvcuda.dll
2013-11-14 11:56 . 2013-11-20 16:51 25257248 ----a-w- c:\windows\system32\nvcompiler.dll
2013-11-14 11:56 . 2013-11-20 16:51 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-11-14 11:56 . 2013-10-02 01:49 3069608 ----a-w- c:\windows\system32\nvapi64.dll
2013-11-14 11:56 . 2013-10-02 01:49 2697248 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-11-14 11:38 . 2013-07-08 19:59 709144 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-11-14 11:38 . 2013-06-18 14:15 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2013-11-11 15:02 . 2012-03-12 19:21 6674208 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-11 15:02 . 2012-03-12 19:21 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-11-11 15:01 . 2012-03-12 19:21 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-11 15:01 . 2012-03-12 19:21 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-11-11 15:01 . 2012-03-12 19:21 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-11-11 15:01 . 2012-03-12 19:21 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-11 15:01 . 2012-03-14 19:28 3467927 ----a-w- c:\windows\system32\nvcoproc.bin
2013-11-11 07:59 . 2013-11-11 07:59 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-10-23 10:30 . 2013-11-08 16:15 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2013-10-23 10:30 . 2013-11-08 16:15 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2013-10-12 02:30 . 2013-11-14 01:28 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-14 01:28 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-14 01:28 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-14 01:28 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-14 01:28 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-08 06:50 . 2013-11-21 15:26 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25 . 2013-11-14 01:28 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-14 01:28 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-14 01:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-14 01:28 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-14 01:28 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-14 01:28 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-14 01:28 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-14 01:28 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-14 01:28 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-14 01:28 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-10-03 01:04 . 2012-01-28 14:54 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2013-09-28 01:09 . 2013-11-14 01:28 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-27 08:57 . 2013-10-02 01:49 1884448 ----a-w- c:\windows\system32\nvdispco6433140.dll
2013-09-27 08:57 . 2013-10-02 01:49 1511712 ----a-w- c:\windows\system32\nvdispgenco6433140.dll
2010-01-26 09:11 . 2013-02-16 17:02 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2009-12-06 09:18 26624 --sh--w- c:\windows\bfcs2.dll
.
Re: win7 freezes at startup / PUP.Dealply.malware
It won't send in full, so I've added it as a file.
- Attachments
- ComboFix.7z
- (35.5 KiB) Downloaded 46 times
Re: win7 freezes at startup / PUP.Dealply.malware

- Open Notepad (Start - Run - notepad)
- Copy the script below
Code: Select all
KillAll::

Restore::
C:\Windows\System32\UxTheme.dll
C:\Windows\explorer.exe

Folder::
C:\Users\EkZiT\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"3212083974"=-

DDS::
uStart Page = hxxp://us.yahoo.com?fr=fp-comodo

Firefox::
FF - ProfilePath - c:\users\EkZiT\AppData\Roaming\Mozilla\Firefox\Profiles\8124rlsi.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com?fr=fp-comodo
FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=

RegNull::
[HKEY_USERS\S-1-5-21-28354313-2184747063-3306077547-1000\Software\SecuROM\License information*]

ClearJavaCache::

Reboot::
- Save the resulting TXT file as CFScript.txt
- Drag the created CFScript.txt onto ComboFix and drop it to run it (see the image below)
- After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here


Re: win7 freezes at startup / PUP.Dealply.malware
ComboFix 13-12-24.01 - EkZiT 24.12.2013 14:40:29.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.6142.4270 [GMT 1:00]
Spuštěný z: c:\users\EkZiT\Downloads\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\EkZiT\Downloads\Desktop\cfscript.txt
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Desktop\Install
c:\users\EkZiT\AppData\Local\Google\Desktop\Install
.
Nakažená kopie c:\windows\explorer.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
.
Nakažená kopie c:\windows\System32\UxTheme.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-24 do 2013-12-24 )))))))))))))))))))))))))))))))
.
.
2013-12-24 13:49 . 2013-12-24 13:52 -------- d-----w- c:\users\EkZiT\AppData\Local\temp
2013-12-24 13:49 . 2013-12-24 13:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-24 13:49 . 2013-12-24 13:49 -------- d-----w- c:\users\repair\AppData\Local\temp
2013-12-24 13:49 . 2013-12-24 13:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-24 13:49 . 2013-12-24 13:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-12-24 13:49 . 2013-12-24 13:49 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-12-24 13:49 . 2013-12-24 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-24 13:49 . 2013-12-24 13:49 -------- d-----w- c:\users\AppData\AppData\Local\temp
2013-12-24 08:11 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28162E42-60A2-4FBD-BDA2-B5D90CB69EBE}\mpengine.dll
2013-12-23 22:12 . 2013-12-23 22:12 119808 ----a-r- c:\users\EkZiT\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-12-23 22:04 . 2013-12-23 22:04 -------- d-----w- c:\program files (x86)\WinToFlash Suggestor
2013-12-23 07:48 . 2013-12-23 07:48 9728 ----a-w- c:\windows\system32\drivers\umpass.sys.bak
2013-12-23 07:44 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-23 07:44 . 2013-12-23 07:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-23 07:32 . 2013-12-23 07:32 -------- d-----w- C:\found.000
2013-12-23 07:10 . 2013-12-23 07:25 -------- d-----w- C:\AdwCleaner
2013-12-23 07:01 . 2013-12-23 07:15 -------- d-----w- C:\rsit
2013-12-23 07:01 . 2013-12-23 07:01 -------- d-----w- c:\program files\trend micro
2013-12-23 06:53 . 2013-12-23 06:53 -------- d-----w- C:\FRST
2013-12-23 05:34 . 2013-12-23 05:34 -------- d-----w- c:\users\EkZiT\AppData\Roaming\Malwarebytes
2013-12-23 04:14 . 2013-12-23 04:14 -------- d-----w- c:\programdata\HP
2013-12-23 04:08 . 2013-12-23 04:08 15856 ----a-w- c:\users\cc_20131223_050851.reg
2013-12-20 21:39 . 2013-12-05 08:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-12-20 21:39 . 2013-12-05 08:42 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-12-14 23:51 . 2013-12-14 23:51 -------- d-----w- c:\users\EkZiT\AppData\Roaming\Proxy Studios
2013-12-14 22:35 . 2013-12-14 22:35 -------- d-----w- c:\users\EkZiT\AppData\Roaming\Gomo
2013-12-14 21:54 . 2013-12-14 21:54 -------- d-----w- C:\Games
2013-12-12 13:39 . 2013-03-07 08:49 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll
2013-12-12 13:39 . 2013-04-11 13:10 2498216 ----a-w- c:\windows\SysWow64\BootMan.exe
2013-12-12 13:39 . 2013-03-28 18:02 3376640 ----a-w- c:\windows\system32\BootMan.exe
2013-12-12 13:39 . 2013-03-07 08:49 9160 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys
2013-12-12 13:39 . 2013-03-07 08:49 87112 ----a-w- c:\windows\SysWow64\setupempdrv03.exe
2013-12-12 13:39 . 2013-03-07 08:49 13896 ----a-w- c:\windows\SysWow64\epmntdrv.sys
2013-12-12 13:39 . 2013-03-07 08:49 9800 ----a-w- c:\windows\system32\EuGdiDrv.sys
2013-12-12 13:39 . 2013-03-07 08:49 17480 ----a-w- c:\windows\system32\epmntdrv.sys
2013-12-12 13:39 . 2013-03-07 08:49 100936 ----a-w- c:\windows\system32\setupempdrvx64.exe
2013-12-12 13:39 . 2013-03-07 08:49 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll
2013-12-12 13:39 . 2013-12-12 13:39 -------- d-----w- c:\program files (x86)\EaseUS
2013-12-02 17:08 . 2013-12-08 13:55 -------- d-----w- C:\____new
2013-11-29 18:46 . 2013-11-29 18:46 -------- d-----w- C:\debug
2013-11-29 18:45 . 2013-12-23 06:24 -------- d-----w- c:\program files (x86)\Windows Doctor
2013-11-29 13:56 . 2013-11-29 13:56 63488 ----a-w- c:\users\EkZiT\xobglu16.dll
2013-11-29 00:21 . 2013-11-29 00:21 128796 ----a-w- c:\users\cc_20131129_012109.reg
2013-11-27 01:38 . 2013-11-27 01:40 3140 --sha-w- c:\windows\SysWow64\KGyGaAvL.sys
2013-11-27 01:38 . 2013-11-27 01:38 8 --sh--r- c:\windows\SysWow64\2912DA9DF7.sys
2013-11-27 01:38 . 2013-11-27 01:38 -------- d-----w- c:\users\EkZiT\AppData\Roaming\Corel
2013-11-27 01:36 . 2013-11-27 01:36 65536 ----a-r- c:\users\EkZiT\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2013-11-27 01:35 . 2013-11-27 01:35 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2013-11-27 01:34 . 2013-11-27 01:34 -------- d-----w- c:\programdata\Corel
2013-11-27 01:34 . 2013-11-27 01:34 -------- d-----w- c:\program files (x86)\Corel
2013-11-27 01:34 . 2013-11-27 01:34 -------- d-----w- c:\program files (x86)\Common Files\Corel
2013-11-27 01:18 . 2013-11-27 01:18 -------- d-----w- c:\users\EkZiT\AppData\Roaming\Autodesk
2013-11-27 01:18 . 2013-11-27 01:18 -------- d-----w- c:\programdata\Alias
2013-11-26 23:32 . 2013-11-26 23:45 -------- d-----w- c:\program files (x86)\Need For Speed Rivals
2013-11-26 20:01 . 2013-11-26 20:01 -------- d-----w- c:\users\EkZiT\AppData\Roaming\dekovir
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-24 01:24 . 2011-12-11 07:43 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-12-24 01:24 . 2011-10-07 21:11 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-12-24 01:23 . 2011-12-11 07:43 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-20 21:29 . 2011-12-11 07:43 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-12-16 02:00 . 2010-06-03 14:00 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-10 23:18 . 2012-11-18 20:31 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 23:18 . 2011-08-06 05:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 02:13 . 2013-11-20 16:46 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-12-10 02:13 . 2013-11-20 16:46 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-05 08:42 . 2013-10-02 00:03 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-11-20 11:36 . 2013-11-20 11:36 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2013-11-20 11:36 . 2013-11-20 11:36 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-11-20 11:36 . 2013-11-20 11:36 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2013-11-19 02:33 . 2010-05-24 17:48 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 11:56 . 2013-10-02 01:49 18293608 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-11-14 11:56 . 2013-11-20 16:51 15862272 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-11-14 11:56 . 2013-11-20 16:51 1242400 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-11-14 11:56 . 2012-03-14 19:27 1436528 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-11-14 11:56 . 2013-11-20 16:51 9619872 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-11-14 11:56 . 2013-11-20 16:51 11514624 ----a-w- c:\windows\system32\nvopencl.dll
2013-11-14 11:56 . 2013-10-02 01:49 30361888 ----a-w- c:\windows\system32\nvoglv64.dll
2013-11-14 11:56 . 2013-11-20 16:51 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-11-14 11:56 . 2013-11-20 16:51 22951200 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-11-14 11:56 . 2013-11-20 16:51 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-11-14 11:56 . 2013-11-20 16:51 12613408 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-11-14 11:56 . 2013-11-20 16:51 707360 ----a-w- c:\windows\system32\NvFBC64.dll
2013-11-14 11:56 . 2013-11-20 16:51 657184 ----a-w- c:\windows\system32\NvIFR64.dll
2013-11-14 11:56 . 2013-11-20 16:51 609568 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-11-14 11:56 . 2013-11-20 16:51 562464 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-11-14 11:56 . 2013-11-20 16:51 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-11-14 11:56 . 2013-11-20 16:51 1511712 ----a-w- c:\windows\system32\nvdispgenco6433182.dll
2013-11-14 11:56 . 2013-11-20 16:51 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-11-14 11:56 . 2013-11-20 16:51 1884448 ----a-w- c:\windows\system32\nvdispco6433182.dll
2013-11-14 11:56 . 2013-11-20 16:51 18208624 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-11-14 11:56 . 2013-10-02 01:49 15218504 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-11-14 11:56 . 2013-11-20 16:51 3132704 ----a-w- c:\windows\system32\nvcuvid.dll
2013-11-14 11:56 . 2013-11-20 16:51 2947872 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-11-14 11:56 . 2013-11-20 16:51 9691888 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-11-14 11:56 . 2013-11-20 16:51 3125024 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-11-14 11:56 . 2013-11-20 16:51 2747680 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-11-14 11:56 . 2013-11-20 16:51 11600432 ----a-w- c:\windows\system32\nvcuda.dll
2013-11-14 11:56 . 2013-11-20 16:51 25257248 ----a-w- c:\windows\system32\nvcompiler.dll
2013-11-14 11:56 . 2013-11-20 16:51 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-11-14 11:56 . 2013-10-02 01:49 3069608 ----a-w- c:\windows\system32\nvapi64.dll
2013-11-14 11:56 . 2013-10-02 01:49 2697248 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-11-14 11:38 . 2013-07-08 19:59 709144 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-11-14 11:38 . 2013-06-18 14:15 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2013-11-11 15:02 . 2012-03-12 19:21 6674208 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-11 15:02 . 2012-03-12 19:21 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-11-11 15:01 . 2012-03-12 19:21 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-11 15:01 . 2012-03-12 19:21 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-11-11 15:01 . 2012-03-12 19:21 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-11-11 15:01 . 2012-03-12 19:21 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-11 15:01 . 2012-03-14 19:28 3467927 ----a-w- c:\windows\system32\nvcoproc.bin
2013-11-11 07:59 . 2013-11-11 07:59 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-10-23 10:30 . 2013-11-08 16:15 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2013-10-23 10:30 . 2013-11-08 16:15 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2013-10-12 02:30 . 2013-11-14 01:28 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-14 01:28 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-14 01:28 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-14 01:28 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-14 01:28 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-08 06:50 . 2013-11-21 15:26 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25 . 2013-11-14 01:28 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-14 01:28 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-14 01:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-14 01:28 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-14 01:28 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-14 01:28 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-14 01:28 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-14 01:28 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-14 01:28 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-14 01:28 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-10-03 01:04 . 2012-01-28 14:54 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2013-09-28 01:09 . 2013-11-14 01:28 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-27 08:57 . 2013-10-02 01:49 1884448 ----a-w- c:\windows\system32\nvdispco6433140.dll
2013-09-27 08:57 . 2013-10-02 01:49 1511712 ----a-w- c:\windows\system32\nvdispgenco6433140.dll
2010-01-26 09:11 . 2013-02-16 17:02 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2009-12-06 09:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}]
2012-05-25 15:38 281424 ----a-w- c:\program files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMyGames"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]
@="Service"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys;c:\windows\SYSNATIVE\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys;c:\windows\SYSNATIVE\drivers\TfSysMon.sys [x]
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R1 ntiomin;ntiomin; [x]
R1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys;c:\windows\SYSNATIVE\DRIVERS\vdrv1000.sys [x]
R1 WinFPdrv;WinFPdrv;SysWOW64\WinFPdrv.sys;SysWOW64\WinFPdrv.sys [x]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 cpuz130;cpuz130;c:\users\EkZiT\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\EkZiT\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\Drivers\HDJCtrl.sys;c:\windows\SYSNATIVE\Drivers\HDJCtrl.sys [x]
R3 HDJMidi;Hercules DJ Control MP3 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys;c:\windows\SYSNATIVE\DRIVERS\HDJMidi.sys [x]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys;c:\windows\SYSNATIVE\drivers\HH10Help.sys [x]
R3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys;c:\windows\SYSNATIVE\DRIVERS\JakNDis.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 4\LU4\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 4\LU4\NTIOLib_X64.sys [x]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys;c:\windows\SYSNATIVE\DRIVERS\pctNdis64.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SaiK0CEA;SaiK0CEA;c:\windows\system32\DRIVERS\SaiK0CEA.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CEA.sys [x]
R3 SaiU0CEA;SaiU0CEA;c:\windows\system32\DRIVERS\SaiU0CEA.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CEA.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys;c:\windows\SYSNATIVE\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
S0 FSProFilter2;FSPro File Filter 2;c:\windows\System32\Drivers\FSPFltd2.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd2.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 fsproflt2;FSPro Filter Service 2;c:\windows\SysWOW64\fsproflt2.exe;c:\windows\SysWOW64\fsproflt2.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys;c:\windows\SYSNATIVE\drivers\VMfilt64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-18 23:18]
.
2013-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-28354313-2184747063-3306077547-1000Core.job
- c:\users\EkZiT\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-26 04:36]
.
2013-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-28354313-2184747063-3306077547-1000UA.job
- c:\users\EkZiT\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-26 04:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-11-11 1612504]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout s Mipony
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.235.1
TCP: Interfaces\{CEEBD37D-F1B9-4569-9EFC-16CAC7FB1836}: NameServer = 156.154.70.25,156.154.71.25
FF - ProfilePath - c:\users\EkZiT\AppData\Roaming\Mozilla\Firefox\Profiles\8124rlsi.default\
FF - ExtSQL: !HIDDEN! 2012-06-01 21:08; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-metaCrawler - c:\program files (x86)\metaCrawler\1.8.19.0\uninstall.exe
AddRemove-Wubi - f:\ubuntu\uninstall-wubi.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrv1000]
"ImagePath"="system32\DRIVERS\vdrv1000.sys"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\Hide Folders 2012\hf.exe
c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
c:\windows\DAODx.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Common Files\Protexis\License Service\PSIService.exe
.
**************************************************************************
.
Celkový čas: 2013-12-24 14:58:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-12-24 13:58
ComboFix2.txt 2013-12-24 12:50
.
Před spuštěním: 4 729 442 304
Po spuštění: 4 226 134 016
.
- - End Of File - - 7CBBC960024D305D42C47332DB52D2FD
413FC2A0C716421B3158746D63736515
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.6142.4270 [GMT 1:00]
Spuštěný z: c:\users\EkZiT\Downloads\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\EkZiT\Downloads\Desktop\cfscript.txt
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Desktop\Install
c:\users\EkZiT\AppData\Local\Google\Desktop\Install
.
Nakažená kopie c:\windows\explorer.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
.
Nakažená kopie c:\windows\System32\UxTheme.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-24 do 2013-12-24 )))))))))))))))))))))))))))))))
.
.
2013-12-24 13:49 . 2013-12-24 13:52 -------- d-----w- c:\users\EkZiT\AppData\Local\temp
2013-12-24 13:49 . 2013-12-24 13:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-24 13:49 . 2013-12-24 13:49 -------- d-----w- c:\users\repair\AppData\Local\temp
2013-12-24 13:49 . 2013-12-24 13:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-24 13:49 . 2013-12-24 13:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-12-24 13:49 . 2013-12-24 13:49 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-12-24 13:49 . 2013-12-24 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-24 13:49 . 2013-12-24 13:49 -------- d-----w- c:\users\AppData\AppData\Local\temp
2013-12-24 08:11 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28162E42-60A2-4FBD-BDA2-B5D90CB69EBE}\mpengine.dll
2013-12-23 22:12 . 2013-12-23 22:12 119808 ----a-r- c:\users\EkZiT\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-12-23 22:04 . 2013-12-23 22:04 -------- d-----w- c:\program files (x86)\WinToFlash Suggestor
2013-12-23 07:48 . 2013-12-23 07:48 9728 ----a-w- c:\windows\system32\drivers\umpass.sys.bak
2013-12-23 07:44 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-23 07:44 . 2013-12-23 07:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-23 07:32 . 2013-12-23 07:32 -------- d-----w- C:\found.000
2013-12-23 07:10 . 2013-12-23 07:25 -------- d-----w- C:\AdwCleaner
2013-12-23 07:01 . 2013-12-23 07:15 -------- d-----w- C:\rsit
2013-12-23 07:01 . 2013-12-23 07:01 -------- d-----w- c:\program files\trend micro
2013-12-23 06:53 . 2013-12-23 06:53 -------- d-----w- C:\FRST
2013-12-23 05:34 . 2013-12-23 05:34 -------- d-----w- c:\users\EkZiT\AppData\Roaming\Malwarebytes
2013-12-23 04:14 . 2013-12-23 04:14 -------- d-----w- c:\programdata\HP
2013-12-23 04:08 . 2013-12-23 04:08 15856 ----a-w- c:\users\cc_20131223_050851.reg
2013-12-20 21:39 . 2013-12-05 08:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-12-20 21:39 . 2013-12-05 08:42 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-12-14 23:51 . 2013-12-14 23:51 -------- d-----w- c:\users\EkZiT\AppData\Roaming\Proxy Studios
2013-12-14 22:35 . 2013-12-14 22:35 -------- d-----w- c:\users\EkZiT\AppData\Roaming\Gomo
2013-12-14 21:54 . 2013-12-14 21:54 -------- d-----w- C:\Games
2013-12-12 13:39 . 2013-03-07 08:49 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll
2013-12-12 13:39 . 2013-04-11 13:10 2498216 ----a-w- c:\windows\SysWow64\BootMan.exe
2013-12-12 13:39 . 2013-03-28 18:02 3376640 ----a-w- c:\windows\system32\BootMan.exe
2013-12-12 13:39 . 2013-03-07 08:49 9160 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys
2013-12-12 13:39 . 2013-03-07 08:49 87112 ----a-w- c:\windows\SysWow64\setupempdrv03.exe
2013-12-12 13:39 . 2013-03-07 08:49 13896 ----a-w- c:\windows\SysWow64\epmntdrv.sys
2013-12-12 13:39 . 2013-03-07 08:49 9800 ----a-w- c:\windows\system32\EuGdiDrv.sys
2013-12-12 13:39 . 2013-03-07 08:49 17480 ----a-w- c:\windows\system32\epmntdrv.sys
2013-12-12 13:39 . 2013-03-07 08:49 100936 ----a-w- c:\windows\system32\setupempdrvx64.exe
2013-12-12 13:39 . 2013-03-07 08:49 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll
2013-12-12 13:39 . 2013-12-12 13:39 -------- d-----w- c:\program files (x86)\EaseUS
2013-12-02 17:08 . 2013-12-08 13:55 -------- d-----w- C:\____new
2013-11-29 18:46 . 2013-11-29 18:46 -------- d-----w- C:\debug
2013-11-29 18:45 . 2013-12-23 06:24 -------- d-----w- c:\program files (x86)\Windows Doctor
2013-11-29 13:56 . 2013-11-29 13:56 63488 ----a-w- c:\users\EkZiT\xobglu16.dll
2013-11-29 00:21 . 2013-11-29 00:21 128796 ----a-w- c:\users\cc_20131129_012109.reg
2013-11-27 01:38 . 2013-11-27 01:40 3140 --sha-w- c:\windows\SysWow64\KGyGaAvL.sys
2013-11-27 01:38 . 2013-11-27 01:38 8 --sh--r- c:\windows\SysWow64\2912DA9DF7.sys
2013-11-27 01:38 . 2013-11-27 01:38 -------- d-----w- c:\users\EkZiT\AppData\Roaming\Corel
2013-11-27 01:36 . 2013-11-27 01:36 65536 ----a-r- c:\users\EkZiT\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2013-11-27 01:35 . 2013-11-27 01:35 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2013-11-27 01:34 . 2013-11-27 01:34 -------- d-----w- c:\programdata\Corel
2013-11-27 01:34 . 2013-11-27 01:34 -------- d-----w- c:\program files (x86)\Corel
2013-11-27 01:34 . 2013-11-27 01:34 -------- d-----w- c:\program files (x86)\Common Files\Corel
2013-11-27 01:18 . 2013-11-27 01:18 -------- d-----w- c:\users\EkZiT\AppData\Roaming\Autodesk
2013-11-27 01:18 . 2013-11-27 01:18 -------- d-----w- c:\programdata\Alias
2013-11-26 23:32 . 2013-11-26 23:45 -------- d-----w- c:\program files (x86)\Need For Speed Rivals
2013-11-26 20:01 . 2013-11-26 20:01 -------- d-----w- c:\users\EkZiT\AppData\Roaming\dekovir
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-24 01:24 . 2011-12-11 07:43 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-12-24 01:24 . 2011-10-07 21:11 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-12-24 01:23 . 2011-12-11 07:43 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-20 21:29 . 2011-12-11 07:43 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-12-16 02:00 . 2010-06-03 14:00 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-10 23:18 . 2012-11-18 20:31 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 23:18 . 2011-08-06 05:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 02:13 . 2013-11-20 16:46 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-12-10 02:13 . 2013-11-20 16:46 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-05 08:42 . 2013-10-02 00:03 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-11-20 11:36 . 2013-11-20 11:36 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2013-11-20 11:36 . 2013-11-20 11:36 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-11-20 11:36 . 2013-11-20 11:36 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2013-11-19 02:33 . 2010-05-24 17:48 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 11:56 . 2013-10-02 01:49 18293608 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-11-14 11:56 . 2013-11-20 16:51 15862272 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-11-14 11:56 . 2013-11-20 16:51 1242400 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-11-14 11:56 . 2012-03-14 19:27 1436528 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-11-14 11:56 . 2013-11-20 16:51 9619872 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-11-14 11:56 . 2013-11-20 16:51 11514624 ----a-w- c:\windows\system32\nvopencl.dll
2013-11-14 11:56 . 2013-10-02 01:49 30361888 ----a-w- c:\windows\system32\nvoglv64.dll
2013-11-14 11:56 . 2013-11-20 16:51 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-11-14 11:56 . 2013-11-20 16:51 22951200 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-11-14 11:56 . 2013-11-20 16:51 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-11-14 11:56 . 2013-11-20 16:51 12613408 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-11-14 11:56 . 2013-11-20 16:51 707360 ----a-w- c:\windows\system32\NvFBC64.dll
2013-11-14 11:56 . 2013-11-20 16:51 657184 ----a-w- c:\windows\system32\NvIFR64.dll
2013-11-14 11:56 . 2013-11-20 16:51 609568 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-11-14 11:56 . 2013-11-20 16:51 562464 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-11-14 11:56 . 2013-11-20 16:51 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-11-14 11:56 . 2013-11-20 16:51 1511712 ----a-w- c:\windows\system32\nvdispgenco6433182.dll
2013-11-14 11:56 . 2013-11-20 16:51 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-11-14 11:56 . 2013-11-20 16:51 1884448 ----a-w- c:\windows\system32\nvdispco6433182.dll
2013-11-14 11:56 . 2013-11-20 16:51 18208624 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-11-14 11:56 . 2013-10-02 01:49 15218504 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-11-14 11:56 . 2013-11-20 16:51 3132704 ----a-w- c:\windows\system32\nvcuvid.dll
2013-11-14 11:56 . 2013-11-20 16:51 2947872 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-11-14 11:56 . 2013-11-20 16:51 9691888 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-11-14 11:56 . 2013-11-20 16:51 3125024 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-11-14 11:56 . 2013-11-20 16:51 2747680 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-11-14 11:56 . 2013-11-20 16:51 11600432 ----a-w- c:\windows\system32\nvcuda.dll
2013-11-14 11:56 . 2013-11-20 16:51 25257248 ----a-w- c:\windows\system32\nvcompiler.dll
2013-11-14 11:56 . 2013-11-20 16:51 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
Re: win7 freezes at startup / PUP.Dealply.malware
How is the PC behaving??
Re: win7 freezes at startup / PUP.Dealply.malware
It runs somewhat better, you could say the way it should, but there are 81 running processes. Isn't that too many?

Re: win7 freezes at startup / PUP.Dealply.malware
So let's clean up a bit more.

Uninstall ComboFix
- Rename ComboFix to Uninstall
- Run it
- This deletes ComboFix and its folders

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
- Download and run it
- To confirm each choice, press A, Enter
- Delete the utility after use
- Antivirus programs may wrongly flag this utility as a virus - it is a false positive - so feel free to download it (or turn the antivirus off while downloading)

OTC http://oldtimer.geekstogo.com/OTC.exe
- Download and run it
- Click CleanUp and confirm with YES
- The program cleans up and restarts the PC

TFC http://oldtimer.geekstogo.com/TFC.exe
- Download and run it
- Click Start and confirm with OK
- The program cleans up and restarts the PC
- Delete the utility after use

Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel ("Panel čistič")
- Leave everything as it is, just click Analyze ("Analyzovat") and then Run Cleaner ("Spustit CCleaner")
- Click Scan for Issues ("Hledej problémy")
- Then Fix Issues ("Opravit problémy") - I recommend making the registry backup; fix all the problems
- Repeat the procedure until no problems are found - usually about 3 times
- Here you can uninstall programs you don't need

Post a new RSIT log and we'll take a look at those processes.
